VMware Hands-on Labs - HOL-1901-01-CMP

Lab Guidance

Note: It may take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time. The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

In this lab we introduce vRealize Operations and vRealize Log Insight. We will show administrators how to navigate through the solution interfaces to find the information that they need, and touch on the most popular features of the tools.

In addition we have included modules for administrators that simply want to see what feature enhancements were included in the most recent releases of vRealize Operations and vRealize Log Insight.

Location of the Main Console

The area in the RED box contains the Main Console. The Lab Manual is on the tab to the Right of the Main Console.

A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.

Your lab starts with 90 minutes on the timer. The lab cannot be saved, so all your work must be done during the lab session. You can click EXTEND to increase your time. If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes. Each click gives you an additional 15 minutes. Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.

Accessing the Online International Keyboard

You can also use the Online International Keyboard found in the Main Console.

Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

Click once in active console window

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

Click once in the active console window.

Click on the Shift key.

Click on the @ key

Click on the "@" key.

Notice the @ sign entered in the active console window.

Activation Prompt or Watermark

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform. The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters. However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements. The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation. Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.

Look at the lower right portion of the screen

Please check that your lab has finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes. If after 5 minutes your lab has not changed to "Ready", please ask for assistance.

Module 1 - Overview of vRealize Operations (60 minutes)

Introduction

Welcome to Module 1 - the vRealize Operations Overview. In this module, we explore the main concepts within vRealize Operations, learn how to navigate the user interface, and look at how to interpret the information provided by the solution. By the end of the module, you should feel comfortable with the major features within vRealize Operations - including optimizing your environment, capacity planning and troubleshooting. You will have a good understanding of how to navigate through the information provided, and where to go for further help.

Introducing Intent-Based Operations

VMware vRealize Operations introduces intent-based operations. It’s not enough to just move workloads around to balance them. In fact, that can be harmful if lower priority workloads are moved into clusters or hosts that are serving critical VMs. This is why vRealize Operations 6.7 lets you define your business and operational intent in policy.

Do you prefer to balance your workloads or consolidate them onto fewer hosts?

How much risk is acceptable? What headroom would you like for unplanned or burst demand?

How can you meet specific business requirements for SLA tiers, license policies, compliance and availability?

Tag-Based VM Placement allows you to set criteria for VM placement based on vSphere tags, while Workload Placement Policy specifies your intent for your environment.

Log in to the vRealize Operations HVM instance

This lab environment is running three different instances of vRealize Operations and one instance of vRealize Log Insight. We have the different vRealize Operations instances in order to be able to work through different use cases that have unique requirements. The lab instances are as follows:

Live Instance: Connected to the small running vSphere environment in the lab. There isn't a large inventory of objects in this instance but it allows us to interact with vCenter.

Historical Instance: Running a 30-minute time loop of data that was captured in the past. This instance has a much larger inventory of objects but since it is not currently connected to a vCenter, we can't perform any actions here.

Blue Medora Management Packs: Also running in historical mode, this instance has a large number of management packs from Blue Medora that allow us to see information from adjacent infrastructure (storage and physical servers) as well as operating system and application information.

In this lesson we will be using the Historical Instance of vRealize Operations.

If you are already logged into the historical (not live) instance of vRealize Operations, click here to skip ahead.

Open the Chrome Browser from Windows Quick Launch Task Bar

If your browser isn't already open, launch Google Chrome

Click the Chrome icon on the Windows Quick Launch Task Bar

Open the vRealize Operations - Historical Instance Tab

The browser home page has links to the different instances of vRealize Operations that are running in the lab.

Click the vRealize Operations - Historical Instance link to open the UI in a new browser tab

Log in to vRealize Operations

If Local Users is not the default, click the drop down as shown and click Local Users

Enter user credentials. Username is admin and password is VMware1!

Click LOG IN

Navigating the vRealize Operations User Interface

The vRealize Operations Manager User Interface (UI) has seen major improvements in versions 6.6 and 6.7. The new UI was designed with simplification in mind, making relevant information easily accessible in context. This lesson will highlight the major components of the vRealize Operations Manager UI, to demonstrate the ease of navigation through the solution.

Understanding the User Interface

There are several components to the UI, and several paths to the same content. The major areas of navigation are:

The Title Bar

The Content Pane, which will usually display a dashboard containing other links

The Navigation Pane, which is contextual to the title bar and can be hidden or displayed by clicking on the chevron << in the top right-hand corner of the pane.

Note the chevron for hiding or showing the navigation pane.

Quick Start Page

The Quick Start page in vRealize Operations 6.7 is a navigation dashboard that focuses on the four high-level functional objectives that vRealize Operations Manager addresses. It is the default dashboard when you log in, or click on Home in the title menu bar. It contains the following sections:

Optimize Performance

Optimize Capacity

Troubleshoot

Manage Configuration

These areas will be explored in more detail in the upcoming lesson, "Exploring vRealize Operations Manager".

The Title Bar

The title bar runs across the top of the vRealize Operations Manager user interface. On the left hand side of the menu is the main menu, which contains the top level menu items for vRealize Operations:

Home

Dashboards

Alerts

Environment

Administration

You use the title bar menu to navigate through the major areas of the UI.

Title Bar - Top Right

The title bar includes icons on the right hand side for:

Search

Refresh

Notifications

User Preferences

There is also a link to video help (indicated by the arrow in the screenshot). This link is very useful when getting familiar with vRealize Operations Manager, as it will take you to videos relevant to where you are in the tool. This lab may not have internet access, so remember to check out video help when you return to your own environment.

User Preferences

Now we will start to explore some of the menu options. Review the User Menu, in the top right of the title bar:

Click on the person icon.

Review the items available in the dropdown.

The dropdown displays the current user (admin), and the menu items listed here:

Preferences: Set display preferences for the current user.

Help: Link to online documentation, including instructional videos.

About: Display software version information.

Log Out: Log out the current user.

Collection Notifications

Review the Collection Notifications menu:

Click on the bell icon.

Review the items available in the drop down.

The Collection Notifications dropdown shows the collection status of configured data sources. The administrator can quickly see if there are adapter instances that are not sending data. Clicking on the adapter instance name will link to the solution configuration page where adapter issues can be diagnosed. Since we are using the historical view mode instance of the tool, no data is being collected. You can ignore any errors.

Refresh

Review the Refresh icon. To refresh the data presented in the content pane:

Click on the refresh icon.

This may be necessary when you have resolved an issue and are waiting for an alert to clear, for example.

Navigation Pane

The navigation pane is on the left hand side of the content pane, and can be hidden by the << symbol. The links in the navigation pane are dependent on the area of the solution the user is currently in. For example, the navigation pane seen here is associated with the Home section.

Click on << to hide, (then >> to show) the navigation pane.

Review the menu items in the navigation pane.

Click through the main menu items to see how the links in the navigation pane change depending on the menu context:

Home

Dashboards

Alerts, etc

Did the options in the navigation pane change?

Home

Return to the Home screen if you are not already there:

Click on Home in the title bar menu.

Now that you are familiar with the basic layout of the interface, we can navigate to the areas that will provide immediate value and deep insight into your environment. We will first explore the major areas within vRealize Operations Manager by using the options in the title bar.

Dashboards

Switch to the Dashboards view:

Click on Dashboards in the title bar menu.

Alerts

Switch to the Alerts view:

Click on Alerts in the title bar menu.

Environment

Switch to the Environment view:

Click on Environment in the title bar menu.

Administration

Switch to the Administration view:

Click on Administration in the title bar menu.

Conclusion

This concludes the lesson "Navigating the vRealize Operations Manager User Interface". You now have a good understanding of the main navigation options and the locations of key content.

Next, let's explore some of the key concepts for vRealize Operations Manager.

vRealize Operations Concepts

Before we dig deeper into vRealize Operations, it is important to understand the key concepts and associated terminology that allow us to interpret the information displayed by the solution.

This lesson covers the following concepts:

Monitoring Objects - Metrics, Badges and Health

Actionable Alerts

Dashboards and Reports

Management Packs/Extensibility

Monitoring Objects in Your Managed Environment

You can use vRealize Operations to resolve problems that your customers raise, respond to alerts that identify problems before your customers report them, and generally monitor your environment. Everything under management by vRealize Operations is an object. Objects can be virtual machines, datastores, applications, port groups, and other vSphere and non-vSphere constructs. Objects have properties and metrics.

Each object is a small piece of the overall picture, but there are times when you want to be able to access information associated with an object directly. For example, a user calls with a performance issue with a virtual machine. You may decide to start troubleshooting at the virtual machine object level and work outwards. From there, you can identify associated objects, relationships, metric thresholds and so forth.

Actionable Alerts

Alerts are generated when a metric or a group of metrics exceeds a threshold. Thresholds can be dynamically determined by vRealize Operations analytics, or manually set by an administrator.

Alert definitions are a combination of symptoms and recommendations that identify problem areas and generate alerts. Alert definitions are provided for various objects in your environment. You can also create your own alert definitions.

Alerts within vRealize Operations not only identify an issue, but also provide recommendations and actions to be taken when an alert is triggered. These actions can be triggered automatically (either immediately or during a scheduled window), or configured to require manual initiation. Actionable alerts are central to the Self-Driving Data Center as they provide several levels of automation that can be increased as users become more comfortable with letting the environment respond to issues in an automated fashion.

Components that make up an alert definition include:

Symptoms

Recommendations

Actions

Notifications

Dashboards and Reports

Dashboards and Reports in vRealize Operations are used to display information that is consumable and contextual to the needs of the user. Dashboards and reports are made up of smaller units of display called widgets and views.

Dashboards present a visual overview of the performance and state of objects in your infrastructure. You use dashboards to determine the nature and timeframe of existing and potential issues within your environment.

Reports are point-in-time (scheduled or on-demand) snapshots of views and dashboards that can be exported in PDF or CSV format.

There are dozens of dashboards and reports available with the core solution. vRealize Operations Advanced (or higher) also allows the creation and customization of dashboards and reports.

Management Packs/Extensibility

Management packs for vRealize Operations extend the operational management capabilities of the platform to provide operational visibility into additional, non-vSphere solutions. Management packs can be created by VMware or by third parties. Management packs contain:

Adapter configuration for third party solution

Metrics

Dashboards

Alerts and recommendations

Management packs for vRealize Operations can be downloaded through vRealize Suite Lifecycle Manager, or directly from the VMware Solution Exchange at https://marketplace.vmware.com/.

Blue Medora is a company that VMware has partnered with for the development of management packs for third party integrations.

Conclusion

This concludes the lesson on vRealize Operations Concepts. In the next lesson, we put these concepts to use as we further explore vRealize Operations.

Exploring vRealize Operations

In this lesson we will really start to see the power of vRealize Operations, and the Self-Driving capabilities it can bring to your datacenter. We will walk through the major functions within the tool, and put some of the concepts that we learned in the previous lesson into practice.

This lesson is laid out following the top level menu items in the new 6.7 "Quick Start" page, which is the first page that you see when you click on the "Home" tab. It is broken down into the same segments:

Optimize Performance

Optimize Capacity

Troubleshoot

Manage Compliance

Feel free to explore links and other areas within the tool as we move through this lesson, coming back to the "Quick Start" dashboard to pick up the lesson as needed.

Optimize Performance

The workload optimization feature of vRealize Operations is the control center of your self-driving datacenter. You define business and operational intent, and then vRealize Operations will take necessary actions to keep your workload resources optimized.

Workload Optimization works closely with DRS to ensure applications have the resources they need. Workload optimization will evaluate resources required and in use across clusters, allowing you to migrate workloads between clusters as needed.

Continuous Performance Optimization - Assure application performance based on business and operational intent

Assess Performance

Define business or operational intent

Automate workload optimization and balancing

Report

Optimize Performance is covered in more detail in HOL 1901-02: Optimize Performance and Assess vSphere Configuration and Compliance with vRealize Operations.

Optimize Capacity

The capacity optimization components of vRealize Operations ensure efficient capacity management of your environment, making sure that you are getting the most from your infrastructure resources and are planning appropriately for growth.

Efficient Capacity Management - Run your infrastructure like a service provider by using optimal densification, proactive planning and procurement

Assess capacity and costs.

Identify savings and automate reclamation.

Predict demand and shortfalls, and get intelligent recommendations.

Plan capacity based on demand across clouds.

Optimize Capacity is covered in more detail in HOL 1901-03: Optimize Capacity and Cost Savings with vRealize Operations.

Intelligent Remediation is covered in more detail in HOL 1901-04: Monitor and Troubleshoot Your Infrastructure and Applications with vRealize Operations and Log Insight

Conclusion

In this module we walked through the high level content available in vRealize Operations. There is far too much information and functionality to cover in one lab, but this module should have given you a good overview of vRealize Operations and its capabilities. Follow up with additional HOLs that go deeper into each area.

Module 2 - Overview of vRealize Log Insight (45 minutes)

Introduction

Welcome to Module 2 - the vRealize Log Insight Overview. In this module, we will explore the main concepts within vRealize Log Insight, learn how to navigate the user interface, and look at how to interpret the information provided by the solution. By the end of the module, you should feel comfortable with the major features within vRealize Log Insight - including dashboards and interactive analytics. You will have a good understanding of how to navigate through the information provided, and where to go for further help.

Open a vRealize Log Insight Tab

Log in to vRealize Log Insight

vRealize Operations is integrated with VMware Identity Manager which we will use for user authentication in this lab.

VMware Identity Manager should be pre-selected as the identity source.

If it is not pre-selected, click the drop-down as shown and click VMware Identity Manager.

Click LOGIN VIA SSO to take you to the user login page.

VMware Identity Manager Login

The user and password information should already be filled in. If needed, the user and password are:

USER: hol

PASSWORD: VMware1!

Click Sign in

vRealize Log Insight Dashboard Page

When you first log in to vRealize Log Insight you are presented with the General Overview dashboard.

Navigating the vRealize Log Insight User Interface

The vRealize Log Insight user interface (UI) was designed with simplification in mind, making relevant information easily accessible and contextually relevant. This section will highlight the major components of the vRealize Log Insight UI to demonstrate the ease of navigation through the solution.

Understanding the User Interface

There are two main user interface pages: the Dashboards page and the Interactive Analytics page. The major areas of navigation on the Dashboards page are:

The Title Bar.

The Content Pane.

The Navigation Pane, which is only visible from the Dashboards view.

The Title Bar

The title bar runs across the top of the vRealize Log Insight user interface. It includes a dropdown on the right hand side for User Preferences and Administration.

The main menu is on the left hand side of the title bar. It has the top level menu items for the two views within vRealize Log Insight - Dashboards and Interactive Analytics.

User Preferences

The User dropdown on the top right hand side of the UI has the following menu items:

My Settings: Set the role and email address of the current user

Log Out: Log out the current user

To open the user menu:

Click on hol@corp.local.

Click on My Settings.

What Roles are listed for the user hol@corp.local? You should have the Super Admin role.

Administration Menu

The Administration drop-down on the top right-hand side of the UI has the following menu items:

Administration Settings

The Administration menu item will take you to the area within the tool that includes management options, integration options, and other configuration. It is outside of the scope of this module to review these settings, but feel free to take a look around at the configuration options available here.

Main Menu

The Main Menu is displayed within the title bar, and is where you can switch between the two main areas of the tool:

Dashboards

Dashboards provide the ability to quickly visualize log data and determine potential issues within an environment. You can create dashboards of useful metrics that you want to monitor closely.

Any query can be turned into a dashboard widget and summarized over a time period. You can check the performance of your system for the last five minutes, hour, day or custom time range. You can view a breakdown of errors and observe trends in log events.

Click on Dashboards.

Review the navigation pane.

Available dashboards are listed in the left navigation pane of the Dashboards view. Additional dashboards are added through content packs or manual creation.

Interactive Analytics

The Interactive Analytics view allows administrators and engineers to perform searches using plain language or REGEX strings. Log details can be searched and viewed to determine problem areas and perform root cause analysis.

Click on Interactive Analytics.

Note the Query field.

Query results are presented in charts that can be saved and added to Dashboards. We will explore both much more in the next lesson.

vRealize Log Insight Concepts

Now that we are familiar with the layout of the interface, we will explore the main concepts that you will encounter within vRealize Log Insight. These are:

Log Management and Analytics

Lifecycle of an Event

Event Type Grouping

Dashboards

Interactive Analytics

Queries

Content Packs/Extensibility

Log Management and Analytics

vRealize Log Insight provides centralized log management for your entire stack. It allows the sharing of log data across your organization without compromising production systems, and uses search and analysis features for real-time troubleshooting.

vRealize Log Insight collects all types of machine-generated log data, e.g. network traces, configuration files, messages, performance data, system state dumps and more. Most machine-generated data is unstructured, making it difficult to analyze and report on. vRealize Log Insight brings structure to unstructured data by building a high performance index for performing analytics on the data.

In contrast, vRealize Operations Manager consumes structured data - metrics and KPIs with a clearly defined structure. This makes them easy to search and query. With the native integration between vRealize Log Insight and vRealize Operations Manager, you get deeper visibility and insight into your environment through inventory mapping and object alerting. You are able to utilize structured and unstructured data to determine the health of your environment.

Data Collection

vRealize Log Insight collects data from the following sources:

Sources using the syslog protocol

Sources using the vRealize Log Insight agent

Sources that can post data through the REST API

Historical data that was archived using vRealize Log Insight

Lifecycle of an Event

The end-to-end lifecycle of a log message or event includes multiple stages as data flows in and out of vRealize Log Insight: agent read, parse, ingestion, indexing (buckets), alerting, query, archive (bucket seal and ship), and deletion.

An event transitions through the following stages:

The event is generated (on a device outside of vRealize Log Insight)

The event is sent to vRealize Log Insight by one of the supported methods

The event is received by vRealize Log Insight, and either accepted or dropped

The event is ingested by vRealize Log Insight by passing through the ingestion pipeline

A keyword index is created or updated in the index stored on local disk

Machine learning is applied

The event is stored in a compressed format in a bucket on local disk

The event is queried by vRealize Log Insight

The keyword and glob queries are matched against the keyword index

Regex is matched against compressed events

The event is archived

The event is deleted in a FIFO (first in, first out) model
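The indexing, storage, query and deletion stages listed above can be modelled in a few lines. This is an added example, not vRealize Log Insight code or part of the original lab: the EventStore class, its tokenizer and the sample events are constructed for illustration, and the machine learning and archive stages are left out.

```python
import fnmatch
import re
import zlib
from collections import OrderedDict, defaultdict

# Assumed tokenizer for this sketch: words, host names and IP addresses stay whole.
TOKEN = re.compile(r"[A-Za-z0-9_.\-]+")


class EventStore:
    """Toy model of the stages above: index, compressed storage, query, FIFO deletion."""

    def __init__(self, max_events):
        self.max_events = max_events
        self.events = OrderedDict()    # event id -> compressed raw text, oldest first
        self.index = defaultdict(set)  # lowercase keyword -> ids of events containing it
        self.next_id = 0

    def ingest(self, text):
        event_id = self.next_id
        self.next_id += 1
        # Store the raw text compressed and update the keyword index.
        self.events[event_id] = zlib.compress(text.encode("utf-8"))
        for word in set(TOKEN.findall(text.lower())):
            self.index[word].add(event_id)
        # Retention: once the store is full, the oldest event goes first (FIFO).
        while len(self.events) > self.max_events:
            self._delete_oldest()
        return event_id

    def _delete_oldest(self):
        old_id, blob = self.events.popitem(last=False)
        text = zlib.decompress(blob).decode("utf-8")
        for word in set(TOKEN.findall(text.lower())):
            ids = self.index[word]
            ids.discard(old_id)
            if not ids:
                del self.index[word]

    def text(self, event_id):
        return zlib.decompress(self.events[event_id]).decode("utf-8")

    def keyword(self, word):
        """Keyword query: a single index lookup, no event is decompressed."""
        return sorted(self.index.get(word.lower(), set()))

    def glob(self, pattern):
        """Glob query: the pattern is matched against index keys, not event text."""
        hits = set()
        for word in fnmatch.filter(self.index.keys(), pattern.lower()):
            hits |= self.index[word]
        return sorted(hits)

    def regex(self, pattern):
        """Regex query: every stored event is decompressed and scanned."""
        rx = re.compile(pattern)
        return [eid for eid in self.events if rx.search(self.text(eid))]


# Constructed sample events (not taken from the lab environment).
SAMPLE = [
    "2018-08-01T10:00:01Z esx-04a vmkernel: NFS mount failed error=0xbad0004",
    "2018-08-01T10:00:05Z web-01a sshd[812]: Failed password for admin from 192.0.2.10",
    "2018-08-01T10:00:09Z esx-03a hostd: Task completed for vm web-01a",
    "2018-08-01T10:00:12Z web-01a sshd[812]: Accepted password for hol from 192.0.2.11",
]


def build_store(max_events):
    store = EventStore(max_events)
    for line in SAMPLE:
        store.ingest(line)
    return store


if __name__ == "__main__":
    store = build_store(max_events=10)
    print("keyword web-01a:", store.keyword("web-01a"))
    print("glob esx-*:", store.glob("esx-*"))
    print("regex:", store.regex(r"Failed password for \w+ from [\d.]+"))
    print("after FIFO with room for 3:", list(build_store(3).events))
```

With room for only three events, the oldest event and its index entries are gone, so neither a keyword nor a regex query can find it again unless it was archived first.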

Log Events

Log events contain the following information:

Timestamp - When the event occurred.

Source - Where the event came from (originator or aggregator).

Text - Raw text of the event.

Fields - Name-value pairs extracted from the event.

Let's review one of the event logs:

Go to the Interactive Analytics view.

Enter the vm name "web-01a" into the query bar and press enter.

Verify you are on the Events tab.

Review one of the Events in the list.

Can you identify the parts? Hover over one of the links in the event to see the field (name-value) data.

Note: There are several fields that were not part of the raw data. Where did they come from? This is one of the benefits of the native integration with vRealize Operations Manager - vSphere inventory mapping. Fields can also be defined at the source within the vRealize Log Insight agent and by content packs and users.

Inventory Mapping

One of the things that happens when you configure the vRealize Operations Manager - vRealize Log Insight integration is inventory mapping. It provides additional metadata for vSphere events (ESXi or VM originated), that Log Insight alone would not be able to determine:

vmw_cluster (optional)

vmw_datacenter

vmw_host

vmw_object_id

vmw_vcenter

vmw_vcenter_id

vmw_vr_ops_id

Take a look at any one of the name-value pairs that start with vmw*

Hover over vmw_vr_ops_id

The value should appear

This gives vRealize Log Insight access to information it wouldn't have otherwise, for example an influx of messages being sent from VMs on the same host. It also enables you to move back and forth between the vRealize Operations Manager and vRealize Log Insight data while keeping the same object in context - invaluable when troubleshooting.

Event Type Grouping

vRealize Log Insight uses machine learning technology to group together similar events. Intelligent Grouping scans incoming data and quickly groups messages together by problem type, enabling high performance searches for faster troubleshooting and root cause analysis. Following on from the example in the last step, grouping the messages together that came from VMs on the same host would very quickly identify a potential problem with that host.

These groupings are displayed as Event Types, and each new type the machine learning discovers is represented by a smart field. Types can be timestamp, string, int, hex and others. Event Types are also added as part of content packs.

Let's review some of the identified event types:

Verify you are in the Interactive Analytics view.

Click on the Event Types tab.

Review one of the Event Types in the list. Notice the number of events for each type.

Hover over the links in a grouping. Each of the links represents a smart field.
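A simplified stand-in for event type grouping, added here as an example and not the product's machine learning: values are masked by shape into typed placeholders, and messages that then differ in a single token are merged into one event type. The ip placeholder, the function names and the sample events are assumptions constructed for illustration.

```python
import re

# Value shapes that become typed placeholders; the most specific shape comes first.
SHAPES = re.compile(
    r"(?P<ip>\b\d{1,3}(?:\.\d{1,3}){3}\b)"
    r"|(?P<hex>\b0x[0-9a-fA-F]+\b)"
    r"|(?P<int>\b\d+\b)"
)


def mask(text):
    """Replace values recognisable by shape with <type> placeholders, then tokenize."""
    return SHAPES.sub(lambda m: "<%s>" % m.lastgroup, text).split()


def merge(template, tokens, max_wild=1):
    """Merge two token lists of equal length, turning differing positions into <string>.

    Returns None when the result would need more than max_wild <string> positions,
    which keeps 'Failed password' and 'Accepted password' as separate event types.
    """
    if len(template) != len(tokens):
        return None
    merged = [a if a == b else "<string>" for a, b in zip(template, tokens)]
    if merged.count("<string>") > max_wild:
        return None
    return merged


def event_types(events):
    """Group (source, text) events; return (template, count, sources) by count, descending.

    Grouping is greedy, so the result can depend on the order in which events arrive.
    """
    groups = []
    for source, text in events:
        tokens = mask(text)
        for group in groups:
            merged = merge(group["template"], tokens)
            if merged is not None:
                group["template"] = merged
                break
        else:
            group = {"template": tokens, "count": 0, "sources": set()}
            groups.append(group)
        group["count"] += 1
        group["sources"].add(source)
    ordered = sorted(groups, key=lambda g: g["count"], reverse=True)
    return [(" ".join(g["template"]), g["count"], sorted(g["sources"])) for g in ordered]


# Constructed sample events as (source, text) pairs; not taken from the lab environment.
SAMPLE_EVENTS = [
    ("web-01a", "sshd[812]: Failed password for admin from 192.0.2.10 port 51122"),
    ("web-01a", "sshd[812]: Failed password for root from 192.0.2.10 port 51124"),
    ("db-01a", "sshd[977]: Failed password for hol from 192.0.2.77 port 40022"),
    ("esx-04a", "vmkernel: NFS mount failed error=0xbad0004"),
    ("esx-04a", "vmkernel: NFS mount failed error=0xbad0010"),
    ("web-01a", "sshd[812]: Accepted password for hol from 192.0.2.11 port 51200"),
]

if __name__ == "__main__":
    for template, count, sources in event_types(SAMPLE_EVENTS):
        print(count, template, sources)
```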

Fields

Each event type that machine learning discovers represents a new type of field called a smart field. The default name of a smart field follows the format type_number[event_type]. You can rename smart fields, which will save the field to the configurable list that we will review in this step. Fields are also added through content packs or extracted from log messages manually.

Review configured fields found in the current results:

Verify you are in the Interactive Analytics view.

Click on the << to open the Fields window, if not already open.

Review the listed Fields.

Interactive Analytics

Interactive Analytics allows you to search and filter log events and create queries to extract events. Results are presented in chart and list format.

Navigate to the Interactive view, and search for an object to see the results visualization update:

Verify you are in the Interactive Analytics view.

Enter a hostname into the filter in the query field (try esx-04a and notice how the indexed text shows possible matches as you type). Hit Enter.

Does it change the results visualization? What about the listed fields?

Queries

Queries extract events, search, and add filter criteria. You can search log data using the following:

Complete keywords, globs or phrases

Filter by time range

Combine multiple filter fields using the AND and OR operators

Let's try a simple query, to search for errors over the last 24 hours:

Verify you are in the Interactive Analytics view.

Return to the Events tab.

Enter "error" into the filter in the query field.

Change the timeframe to the Latest 24 hours of data.

Dashboards

Dashboards in vRealize Log Insight give a visual representation of the log data analyzed. Dashboards are included in content packs or can be custom created to show graphs of log events in your environment.

Review the General - Overview dashboard, to see the options available right within the dashboard:

Go to the Dashboards view.

Open the General chevron from the navigation pane and select the Overview dashboard.

Enter a hostname into the filter in the main pane (try esx-04a):

Enter esx-04a on the hostname filter line.

Press Enter to set the filter.

Press Enter again to apply it to the current view.

Does it change the visualizations in the dashboard?

Dashboard Widgets

Dashboard widgets are the individual panes on a dashboard that help you visualize information. The main types of widgets that can be added to a dashboard are:

The General - Overview dashboard contains chart widgets. Can you tell which widgets are in use on the General - Problems dashboard?

Go to the Dashboards view.

Open the General chevron from the navigation pane and select the Problems dashboard.

Content Packs/Extensibility

Content packs for vRealize Log Insight extend the operational management capabilities of the platform to provide operational visibility into additional, non-vSphere solutions. Content packs can be created by VMware or by third parties. Content packs contain:

Queries

Dashboards

Alerts

Agent Groups

Extracted Fields

Content packs can be added directly through the vRealize Log Insight portal, as displayed in the graphic on this step. In this lab we do not have Internet access, so the Marketplace will indicate that it is unavailable. It is still possible to review installed content packs or import a locally-stored content pack.

Let's review the installed content packs:

Select the Administration drop down in the Title Bar.

Select Content Packs.

Select Marketplace.

Exploring vRealize Log Insight

We are now familiar with the layout of the user interface and the major concepts within vRealize Log Insight. In this lesson, we will really start to see the power of vRealize Log Insight as a log analysis solution. We will walk through the major functions within the tool and put some of the concepts that we learned in the previous lesson into practice.

We will go deeper into the functionality available within the two main areas of the solution:

Dashboards

Interactive Analytics

Dashboards

Dashboards provide visual data, giving insight into the environment. vRealize Log Insight has the following types of dashboard:

Individual Dashboards - dashboards created by the user.

Shared Dashboards - dashboards shared to or from other users.

Content Pack Dashboards - dashboards added as part of a content pack.

In the previous lesson, you saw how to access the VMware Solution Exchange. Be sure to check there before creating your own content.

Existing content packs are also a good source of ideas and best practices when you start to create your own content.

Interactive Analytics

The Interactive Analytics page can be accessed from several areas within the UI:

From the Main Menu (title bar).

From any widget on a dashboard (small graph icon).

From the Settings menu (small gear icon) of a widget by selecting Edit in "Interactive Analytics".

The context in which you entered the Interactive Analytics view will determine what is displayed. For example, using the main menu will open Interactive Analytics with all logs showing, whereas opening the view from within a widget will open Interactive Analytics with that query and chart already loaded.

Switch to the Interactive Analytics view from the Title Bar.

Data Visualization Lab

We will bring these concepts together to create a simple dashboard to show various http statistics from an application. The lab environment contains the following resources:

A 3-tier app that stores employee details:

web-01a

app-01a

db-01a

The three systems are Linux systems already logging to vRealize Log Insight, using the agent.

Web-01a is running an nginx proxy that forwards to app-01a.

App-01a is running httpd.

We will build a dashboard to display information determined from analysis of the app-01a httpd logs.

Lab Overview

We will need to complete the following:

Configure the servers to send the appropriate logs.

Extract the fields that we want to query.

Create queries for the responses we are tracking.

Create the visualizations and add to a dashboard.

Note: We could download and install the ApacheHTTP content pack that already contains all of the fields, queries, charts and dashboards that we need, but that would defeat the object of this exercise!

Access the Application

Note: We refreshed the browser to generate http traffic to the application, to verify in the next step that this data is not currently logging to vRealize Log Insight.

Search for http logs

Return to the vRealize Log Insight tab and search for app-01a, to verify we are not currently collecting the logs we need:

Click on the vRealize Log Insight browser tab.

Click on the Interactive Analytics tab to clear the previous query.

Return to the Events tab.

Click Add Filter.

Enter hostname contains app-01a.

Verify there are No Results.

Add httpd logs

These servers are using the vRealize Log Insight agent to forward logs. That means we can manage the configuration from the central management system. Currently, they are only logging /var/log/messages. We need to add the /var/log/httpd logs.

Click on the 3 bars in the title menu

Click on Administration

Generate Application Activity

Return to the HOL Example App and generate some http traffic. The application browser tab should still be open; if not, open a new tab and return to the application:

Return to the HOL Example App tab, or open a new tab in the browser (navigate to web-01a.corp.local).

Hit refresh several times.

Click on Add New Employee.

Verify logs received

Return to the vRealize Log Insight tab and rerun the app-01a query:

Click on the vRealize Log Insight browser tab

Click on the Interactive Analytics tab

Click Add Filter

Enter hostname contains app-01a

Run the query

Verify results

There should be a log for each time you refreshed the page. If not, return to the step where you updated the agent configuration and verify it is correct. Then try the preceding steps again.

Extract Fields

If you recall from earlier in the module, fields in vRealize Log Insight help to give structure to unstructured data, which makes it easy to query and measure the data. Fields are created in several ways:

We are going to extract the following fields from our httpd logs, so that we can build queries and a dashboard around the information:

hol_httpd_request_type - Field containing POST, GET, PUT.

hol_httpd_request_page - Field containing page requested (/*php).

hol_httpd_response_time - Field containing the http response time in ms.

hol_httpd_response_code - Field containing http response code.

Build Queries

Now that we have defined the fields that we want to measure on, we can build the queries that we will use to filter the data. We are going to create queries against app-01a only, although you could create the queries without specifying the hostname, and the hostname could be entered directly into the dashboard. This is useful if you have many similar servers for which you want to display the same information.

The query definition in vRealize Log Insight also defines how the data should be displayed, which fields to use for grouping data, and if it should be graphed using time series or non-time series:

Time series graphs the data as it happens, using line and chart graphs, and is best for correlating issues and identifying trends.

Non-time series will show matching totals over the configured time period.

We will use both types to illustrate the difference. The queries we will create are:

Count of http request types, non-time series

Count of pages requested, non-time series

Http response time, time-series

Http response codes, time-series
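The field extraction and the four queries above can be reproduced offline to check what each widget should show. This is an added example, not part of the lab or of vRealize Log Insight; the log lines are constructed, and the LogFormat (combined format with `%D`, the request time in microseconds, appended) is an assumption, since the lab does not show the app-01a httpd configuration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed LogFormat (not shown in the lab): combined format plus %D,
# the time taken to serve the request in microseconds.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<code>\d{3}) \S+ "[^"]*" "[^"]*" (?P<usec>\d+)$'
)

# Constructed sample lines (documentation IP range), including one that
# does not match the format.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2018:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0" 15000
192.0.2.10 - - [10/Oct/2018:13:55:41 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2290 "-" "Mozilla/5.0" 10000
192.0.2.10 - - [10/Oct/2018:13:56:02 +0000] "POST /add_employee.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" 48000
192.0.2.11 - - [10/Oct/2018:13:56:30 +0000] "GET /missing.php HTTP/1.1" 404 196 "-" "curl/7.61" 2000
this line is not an access log entry
192.0.2.10 - - [10/Oct/2018:13:57:05 +0000] "GET /index.php HTTP/1.1" 500 512 "-" "Mozilla/5.0" 120000
"""


def extract_fields(line):
    """Return the four lab fields for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "hol_httpd_request_type": m["method"],
        # Drop the query string so /index.php?page=2 groups with /index.php.
        "hol_httpd_request_page": m["target"].split("?", 1)[0],
        "hol_httpd_response_time": int(m["usec"]) / 1000.0,  # microseconds -> ms
        "hol_httpd_response_code": int(m["code"]),
    }


def parse(log_text):
    """Parse every line; count the lines that yield no fields instead of hiding them."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        fields = extract_fields(line)
        if fields is None:
            skipped += 1
        else:
            events.append(fields)
    return events, skipped


def totals(events, field):
    """Non-time series: matching totals over the whole period."""
    return Counter(e[field] for e in events)


def per_minute(events):
    """Time series: average response time and response-code counts per minute."""
    buckets = defaultdict(lambda: {"times": [], "codes": Counter()})
    for e in events:
        key = e["timestamp"].strftime("%H:%M")
        buckets[key]["times"].append(e["hol_httpd_response_time"])
        buckets[key]["codes"][e["hol_httpd_response_code"]] += 1
    return {
        minute: {
            "avg_response_ms": round(sum(b["times"]) / len(b["times"]), 2),
            "codes": dict(b["codes"]),
        }
        for minute, b in sorted(buckets.items())
    }


if __name__ == "__main__":
    events, skipped = parse(SAMPLE_LOG)
    print("parsed", len(events), "skipped", skipped)
    print(totals(events, "hol_httpd_request_type"))
    print(totals(events, "hol_httpd_request_page"))
    for minute, stats in per_minute(events).items():
        print(minute, stats)
```

The skipped-line count is worth watching: lines that do not match the extraction pattern produce no field values, so they drop out of every chart built on those fields.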

Create the app-01a Http Dashboard

Now we will create a dashboard to display the data. Move to the Dashboards tab, and check if there are any existing shared dashboards. There are not. We will create one:

Click on Dashboards

Click on Shared Dashboards

Click on + NEW DASHBOARD

Generate Application Activity

Return to the HOL Example App and generate some http traffic. The application browser tab should still be open; if not, open a new tab and return to the application:

Return to the HOL Example App tab, or open a new tab in the browser (navigate to web-01a.corp.local).

Hit refresh several times.

Click on Add New Employee.

View Results on Dashboard

Return to the dashboard and review the data displayed:

Return to the vRealize Log Insight browser tab.

Click on Dashboards.

Click on App-01a Http Statistics, if you were not returned there directly.

View the information displayed in the widgets.

Change the timeframe to the Latest hour of data.

Hopefully this lab illustrated how easy it is to use vRealize Log Insight to collect logs from your environment, group the data, and display the data in a meaningful way. As discussed, there are many content packs available that contain pre-defined fields, queries, alerts and dashboards. For data specific to your environment - where there may not be a content pack available - it is simple to build out new content or modify existing content to provide meaningful analysis of your data.

This information can be shared with leadership (and other teams that require the information but not access to the systems), reported on, alerted on, and made available where and when needed.

Conclusion

In this module, we walked through the main features and functionality of vRealize Log Insight. We covered the core concepts and capabilities of the tool. We took a fairly simple use case, and showed how to quickly generate a query, visualization and a dashboard. We have really only scratched the surface of what we can do with the intelligent log management features within Log Insight. The native integration with vRealize Operations Manager makes it an essential addition to your cloud management portfolio.

Module 3 - What's New in vRealize Operations (30 minutes)

Introduction

Welcome to Module 3 - What's New in vRealize Operations! In this module, we will explore the new features that became available with our 6.6 and 6.7 version updates. We will walk through some of the most popular new features and show the benefit that they can bring to your environment.

Log in to the vRealize Operations HVM instance

This lab environment is running three different instances of vRealize Operations and one instance of vRealize Log Insight. We have the different vRealize Operations instances in order to be able to work through different use cases that have unique requirements. The lab instances are as follows:

Live Instance: Connected to the small running vSphere environment in the lab. There isn't a large inventory of objects in this instance but it allows us to interact with vCenter.

Historical Instance: Running a 30-minute time loop of data that was captured in the past. This instance has a much larger inventory of objects but since it is not currently connected to a vCenter, we can't perform any actions here.

Blue Medora Management Packs: Also running in historical mode, this instance has a large number of management packs from Blue Medora that allow us to see information from adjacent infrastructure (storage and physical servers) as well as operating system and application information.

In this lesson we will be using the Historical Instance of vRealize Operations.

If you are already logged into the historical (not live) instance of vRealize Operations, click to skip ahead.

Open the Chrome Browser from Windows Quick Launch Task Bar

If your browser isn't already open, launch Google Chrome

Click the Chrome icon on the Windows Quick Launch Task Bar

Open the vRealize Operations - Historical Instance Tab

The browser home page has links to the different instances of vRealize Operations that are running in the lab.

Click the vRealize Operations - Historical Instance link to open the UI in a new browser tab

Log in to vRealize Operations

If Local Users is not the default, click the drop down as shown and click Local Users

Enter user credentials. Username is admin and password is VMware1!

Click LOG IN

What's New! vRealize Operations 6.6

vRealize Operations Manager 6.6 was released on June 13th, 2017. Version 6.6.1 (a maintenance release) was released on August 8th, 2017 and contained many minor bug fixes. This lesson will update you on the feature enhancements to vRealize Operations Manager that came with the 6.6 upgrade. If you are already at version 6.6, feel free to skip this lesson and move to the 6.7 Updates lesson.

The next few steps review new functionality as listed in the release notes for vRealize Operations 6.6. If you want to dive directly into hands-on with some of these features, skip ahead to "New HTML5 UI".

Otherwise, take a couple of minutes to review the updates.

6.6 Updates

vRealize Operations Manager 6.6 focuses on enhancing product usability, accelerating time to value, and improving troubleshooting capabilities. The information on the next few steps is taken from the Release Notes for 6.6.

New HTML5 UI

The new HTML5 UI provides an easier and consistent experience across the VMware product line. Like other VMware solutions, it is based on the Clarity Design System (a VMware created and maintained, open source environment containing UX guidelines, an HTML/CSS framework, and Angular components to create an exceptional user experience). The overall result is a cleaner, fresher, faster, easier to navigate user interface.

The Clarity Design System has also been used to update the user interfaces for many other VMware solutions, including vCenter, vRealize Orchestrator, vRealize Log Insight and vRealize Business for Cloud. This gives a consistent, modern look and feel to our solutions.

Getting Started Dashboard

The Getting Started dashboard, introduced in version 6.6, took the work we had done creating dozens of out-of-the-box dashboards (based on customer use cases), and grouped them into persona based groups. These groupings guide you to the information that you need, when you need it. It is still available in version 6.7 and continues to be the preferred navigation dashboard for many version 6.7 customers.

To find the Getting Started dashboard:

Click Dashboards.

Open menu for All Dashboards.

Select the Getting Started dashboard.

Persona-Based Dashboards

vRealize Operations 6.6 introduced Persona-Based Dashboards that help you navigate the vast amount of information available about your environment. The personas are based on your role or the task you are trying to accomplish. Dashboards are grouped by persona for easy navigation.

Review the personas and associated dashboards on the Getting Started dashboard by clicking in the personas below:

Select the Operations persona.

Select the Capacity and Utilization persona.

Select the Performance Troubleshooting persona.

Select the Optimize persona.

Select the Configuration and Compliance persona.

Take some time now to review the dashboards associated with each category.

Although the workload balance functionality was introduced in 6.6, it was improved in 6.7 and the navigation options changed:

The Workload Balance persona in 6.6 was renamed to Optimize in 6.7

The Workload Management dashboard in 6.6 was updated to Workload Optimization, and moved to the Quick Start navigation option in 6.7.

This lab is 6.7, and we will therefore navigate using the 6.7 navigation options.

vSAN Management

vRealize Operations Manager 6.6 added native vSAN management capabilities. In previous versions, vSAN management support was added through a management pack that had to be downloaded from the VMware Solution Exchange. This management pack is now part of the core product. It added the following capabilities:

Conclusion

There were many great feature enhancements in vRealize Operations 6.6, as listed in the introduction to this lesson. We have walked through only a few of them. There are even more great features in version 6.7, so be sure to complete the next lesson!

What's New! vRealize Operations 6.7

vRealize Operations 6.7 was released on April 12th, 2018. It is a major release. This lesson will update you on the feature enhancements to vRealize Operations Manager that came with the 6.7 upgrade.

The next few steps review the new functionality listed in the release notes. If you want to dive directly into hands-on with some of these features, skip ahead to "Quick Start Dashboard".

Quick Start Dashboard

In addition to the Getting Started dashboard introduced in version 6.6, version 6.7 adds an additional navigation dashboard - Quick Start. This dashboard aligns the vRealize Operations Manager capabilities under the associated use cases.

Quick Start was explored in detail in the previous module in this lab:

Refer back to that module for more information on the Quick Start dashboard. In this lesson, we will simply review the dashboard and how it guides you through the core functionality of vRealize Operations Manager.

New Capacity Analysis Engine

vRealize Operations Manager 6.7 includes a completely new, (near) real-time Capacity Analysis engine. There are also new capacity overview, reclamation and planning UI workflows powered by new real time capacity analytics, resulting in quick time to value:

Capacity updates are available immediately after changes occur in the environment.

Capacity forecasts now include both an upper and a lower confidence band.

Time Remaining, Capacity Remaining, and Right-Sizing have improved accuracy.

Capacity "what-if" scenarios available for future projects and changes.

Costing integrated directly with capacity.

There is a more detailed analysis of Capacity in vRealize Operations 6.7 in HOL: 1901-02 Optimize Performance and Assess vSphere Configuration and Compliance with vRealize Operations.

Cost Engine

vRealize Operations Manager 6.7 added cost drivers directly into the solution. If you are familiar with vRealize Business for Cloud, you will know about Cost Drivers and the cost reference database. In previous versions of vRealize Operations Manager, integration with vRealize Business for Cloud was required in order to see cost information. Now the cost engine is included directly within vRealize Operations Manager!

vRealize Operations Manager 6.7 comes with a cost reference database out of the box. These are infrastructure costs that VMware has analyzed over time and added to a database that gets updated quarterly. This means that you get costing information immediately for your environment. Of course, if you know your actual costs, you can add them directly to get an even more accurate picture.

Business-Intent-Driven Automated Workload Balancing

Business or Operational Intent is how we instruct vRealize Operations to manage our resources. Once you configure intent for the datacenter, vRealize Operations Manager will manage workload placement to comply with that intent.

Here are some examples of intent:

Assure the best application performance.

Save money through license enforcement.

Meet compliance goals.

Drive infrastructure costs as low as possible.

Implement SLA tiering.

vSphere Optimization Assessment

The vSphere Optimization Assessment has been completely revamped in 6.7. As well as being easier to access (it is now linked on the Quick Start dashboard), we also added the following improvements:

Easier to use with one-click report generation.

Revamped and expanded reports with easy to understand content.

Highlights vRealize Operations' new capabilities and features.

To find the assessment, navigate from the Quick Start page:

Select Home from the title menu.

Scroll to the bottom of the page, and click VIEW MORE to make all options visible (The screenshot shows the options expanded, so the "View Less" button is visible).

In the Run Assessments section, click on the vSphere Optimization Assessment link.

Dark Theme

This section wouldn't be complete without a shout-out to the dark theme. Some users swear it is easier on their eyes. You can change to the dark theme and other display options in user preferences.

Note that you will need to log out of this historical instance of vROps and into the Live Instance in order to view the dark theme.

Conclusion

In this module we walked through the functionality introduced in vRealize Operations versions 6.6 and 6.7.

We were not able to cover all of the updates, so be sure to refer to the release documentation for each update.

Take a look at some of the more advanced vRealize Operations labs if there is an area you would like to explore further.

Open a vRealize Log Insight Tab

Login to vRealize Log Insight

vRealize Operations is integrated with VMware Identity Manager which we will use for user authentication in this lab.

VMware Identity Manager should be pre-selected as the identity source. If it is not, you will need to choose it.

If needed, click the drop down as shown and click VMware Identity Manager.

Click LOGIN VIA SSO to take you to the user login page.

VMware Identity Manager Login

The user and password information should already be pre-selected; however, if needed, the user and password are:

USER: hol

PASSWORD: VMware1!

Click Sign in

vRealize Log Insight Dashboard Page

When you first log in to vRealize Log Insight you are presented with the General Overview dashboard.

UI Enhancements

In this section we will be exploring the new vRealize Log Insight user interface improvements.

Understanding the User Interface

There are two main components to the user interface (UI): the Dashboard view and the Analytics view. There are multiple navigation options within the tool, but having only these two views makes navigation simple. The major areas of navigation are:

The Title Bar

The Content Pane

The Navigation Pane, which is only visible from the dashboards view.

New Ability to Display Legend on widgets

Please note the new ability to quickly enable a legend on all widgets of a dashboard. This can be helpful if there is a particular time period or data point you are looking for.

Navigate to Administration

Next, let's navigate to the Administration area. In the upper right-hand corner of the browser you can navigate to the Administration pane.

Select Administration from the drop down. We will now be directed to the management pane.

New Ability to Export full lists of Hosts and Agents

On the Navigation pane we have options to configure management settings. Let's get a list of the hosts.

New Ability for Bulk Actions on Access Control

From the management pane we now have the ability to do bulk edits to access controls. Note the ability to select more than one account to modify.

Select one or more users (or groups).

Please note the DELETE option is now available, but DO NOT delete the accounts as it may impact functionality in other modules of this lab.

We also have the new ability to do bulk deletes of roles.

Select Roles

Select the check box to select all

Please note the 'delete' option is now available, but DO NOT delete the roles.

Event Forwarding Options

In this lesson we will now explore new Event Forwarding options that enable administrators to create new event management capabilities. Log Insight Event Forwarding can now support more complex logging scenarios including 3rd party integrations and supporting legacy systems.

Event Forwarding of Raw Syslog Format

Why is 'Raw' format important? Per the syslog RFCs, a system that forwards events must add its own prefix to all events it forwards, for auditing and tracking purposes. The addition of headers to syslog events can sometimes cause complexity and delays in processing events by third-party systems when multiple systems relay syslog events and multiple headers get appended. To mitigate this challenge, administrators may want to leverage the 'Raw' format so that events are forwarded without any additional metadata appended (non-RFC compliant).

Now let's look at some of the new Event Forwarding options. From the Management pane:

Select 'Event Forwarding'.

To create a new event forwarding destination, select 'NEW DESTINATION'.

While configuring the new event forwarding rule, we now have the option to specify 'Raw' as a selection option.

You can also edit or clone an existing event forwarding destination. If you edit the destination to change an event forwarder name, all statistics are reset. For more detailed information on configuring vRLI event forwarding, please see the official VMware documentation at this link.
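The effect of relay headers described above can be seen with a small model. This is an added example, not Log Insight's wire format or VMware code: the header layout is a simplified BSD-syslog style, the relay names `relay-a` and `relay-b` and the sample event are constructed, and the relay behaviour (prefixing its own header) follows the paragraph above.

```python
import re

# Simplified BSD-syslog-style header: <PRI>Mmm dd hh:mm:ss HOST message
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)

# Constructed event from app-01a: PRI 134 = facility local0 (16), severity info (6).
ORIGINAL = "<134>Oct 10 13:55:36 app-01a httpd: GET /index.php 200"


def parse(line):
    """What a downstream collector reads from the outermost header only."""
    m = HEADER_RE.match(line)
    if m is None:
        return None
    return {"pri": int(m["pri"]), "host": m["host"], "msg": m["msg"]}


def forward_with_header(line, relay_host, relay_ts, pri=13):
    """Model of a relay that stamps its own prefix on every event it forwards."""
    return f"<{pri}>{relay_ts} {relay_host} {line}"


def forward_raw(line):
    """Model of 'Raw' forwarding: the event is passed on unchanged."""
    return line


def origin_host(line, max_hops=8):
    """Peel nested relay headers to recover the host that first sent the event."""
    host = None
    for _ in range(max_hops):
        parsed = parse(line)
        if parsed is None:
            break
        host, line = parsed["host"], parsed["msg"]
    return host


def two_hop(line):
    """Send one event through two header-adding relays."""
    hop1 = forward_with_header(line, "relay-a", "Oct 10 13:55:37")
    return forward_with_header(hop1, "relay-b", "Oct 10 13:55:38")


if __name__ == "__main__":
    relayed = two_hop(ORIGINAL)
    print("relayed :", relayed)
    print("naive   :", parse(relayed)["host"], parse(relayed)["pri"])
    print("raw     :", parse(forward_raw(ORIGINAL))["host"], parse(forward_raw(ORIGINAL))["pri"])
    print("peeled  :", origin_host(relayed))
```

With headers added at each hop, a collector that reads only the outermost header attributes the event to the last relay and sees the relay's priority value; with raw forwarding the original host and priority arrive intact, at the cost of losing the record of which relays handled the event.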

Event forwarding over UDP

In addition to forwarding events in 'Raw' format, we also now have the ability to specify 'UDP' as a transport option.

Select 'Event Forwarding'.

To create a new event forwarding destination, select 'NEW DESTINATION'.

While configuring the new event forwarding rule, we now have the option to specify 'UDP' as a selection option.

Why is UDP Transport important? The ability to use UDP can be helpful as certain legacy applications may only support sending Syslog events over TCP.

NOTE: UDP does not support SSL at this time. Any configured SSL settings will be ignored if UDP is configured.

Conclusion

In this module you were able to explore the new UI enhancements and agent event forward features. We believe these improvements will make using vRealize Log Insight more helpful and efficient. Thank you!

You've finished module 4

Congratulations on completing module 4.

If you are looking for additional information on vRealize Log Insight, try one of these: